Closed GuidoKiener closed 1 year ago
Neustradamus
commented
1 year ago @GuidoKiener: Thanks :)
Maybe you can look for -PLUS variants?
There is a recent history with jabber.ru MITM and SCRAM-SHA-*-PLUS is the security solution!
Some sources about jabber.ru:
mistotebe
commented
1 year ago Maybe you can look for -PLUS variants?
There is a recent history with jabber.ru MITM and SCRAM-SHA-*-PLUS is the security solution!
@Neustradamus: You realise your comment looks irrelevant, since cyrus-sasl has supported SCRAM-*-PLUS for a while now? It can be used so long as the caller provides the relevant channel binding.
Neustradamus
commented
1 year ago @mistotebe: It is not clear, sorry. "RFC 9266: Channel Bindings for TLS 1.3" is not supported and it is for SCRAM-SHA-*-PLUS variants.
mistotebe
commented
1 year ago I am not sure why you keep spamming existing tickets/PRs of an open source project with the same message, you have made your point already and more isn't helping. If you really want it resolved, please participate in development one way or the other.
GuidoKiener
commented
1 year ago @mistotebe: It is not clear, sorry. "RFC 9266: Channel Bindings for TLS 1.3" is not supported and it is for SCRAM-SHA-*-PLUS variants.
I will have a look on it next weekend. I guess the channel binding issue can solved with imapd but not with httpd.
Neustradamus
commented
1 year ago @GuidoKiener: Thanks in advance :)
Can you look "tls-server-end-point" too?
It is in:
cc: @aamelnikov.
Using mechanism SCRAM, a client does not abort authentication when the given iteration counter is lower than 4096.
A hostile server can send a small iteration counter (e.g. 1) and forces the client to send a ClientProof that is calculated with lowest computation time. Thus the hostile server can recover the client's password faster with an offline dictionary or brute-force attack.
This fix compares the iteration counter with the recommended minimum of 4096 and aborts the authentication if the server violates the recommended minimum.